Reasoning about Plans* Witold Lukaszewicz and Ewa Madalinska-Bugaj Institute of Informatics, Warsaw University 02-097 Warszawa, ul. Banacha 2, POLAND email: {witlu,ewama}@mimuw.edu.pl Abstract In classical planning we are faced with the following formal task: Given a set A of permissible actions, a description a of initial states and a description of final states, determine a plan II, i.e. a finite sequence of actions from A, such that execution of II begun in any state satisfying is guaranteed to terminate in a state satisfying In this paper we extend the classical model of planning by admitting plans that are not assured to succeed. We address two basic problems connected with such plans: (1) How to determine whether a given plan is valid (i.e. always succeeds), admissible (i.e. may succeed or fail) or inadmissible (i.e. never succeeds). (2) Given an admissible plan, determine a minimal set of observations that are to be made in the initial state (or in some intermediate state, if the plan is in progress) to validate or falsify the plan. 1 Introduction In classical planning we are faced with the following formal task: Given a set A of admissible actions, a formula describing the set of initial states and a formula representing a goal to be achieved, construct a plan II, i.e. a finite sequence of actions from A, such that execution of II begun in any state satisfying is guaranteed to terminate in a state satisfying This classical model of planning is oversimplified. In many practical settings it is reasonable to construct and execute plans that are not assured to succeed. There are two basic reasons for that. Firstly, it may happen that a plan that always achieves a final state does not exist. Secondly, even if such a plan exists, it may be better to choose a simpler, although uncertain plan. An example will help to illustrate this. Suppose I want to contact John. All information I have is his phone number and the fact that he is at home. Given this, the only plan I can choose is to call him. Of course, the plan may fail, if John's phone line is busy, but This research was partially supported by the KBN grant 8T11C001 11. there is no better possibility. To guarantee the success of the plan, I have to know that John's line is not busy at the moment. Unfortunately, this information is hardly available. Assume now that, in addition, I know John's address. In this case, I can assure my goal by visiting him. However, it may still be much more reasonable to give up this ironclad plan and to choose the previous one. In this paper, we extend the classical model of planning by permitting plans that are not assured to succeed. Such a plan is just a sequence of actions, considered relatively to some specification. A specification consists of a description of the initial states and a goal to achieve. Plans that need not behave according to their specifications can be naturally divided into three categories: (1) Those that always achieve their goals (valid plans). (2) Those that may achieve their goals or not, depending on some additional information (admissible plans). 1 (3) Those that never achieve their goals (inadmissible plans). As an example, suppose that all we know about the initial state is that a turkey is alive and the goal is to make it dead. There are two actions: load (loads a gun) and shoot (kills the turkey, provided that the gun is loaded). Consider three plans: (1) load; shoot; (2) shoot; (3) load. The first of these plans is valid, the second one is admissible, whereas the third one is inadmissible. It is important to note that an admissible plan can be often validated (i.e. made valid) or falsified (i.e. made inadmissible) by providing new observations. Reconsider the plan (2) stated above. The observation that the gun is initially loaded (resp. unloaded) validates (resp. falsifies) the plan. This paper addresses two problems: (1) How to determine whether a given plan is valid, admissible or inadmissible. (2) Given an admissible plan, determine a minimal set of observations that are to be made in the initial 1 It should be emphasized that admissible plans differ from what is called uncertain plans in the AI literature. This latter notion corresponds to plans that may fail not because some information is missing, but rather because they involve actions that succeed with some probability. (See [Boutilier et a/., 1995], for a good survey concerning uncertain plans.) LUKASZEWICZ & MADALINSKA-BUGAJ 1215
state (or in some intermediate state, if the plan is in progress) to validate or falsify the plan. To represent actions occurring in plans, we use Dijkstra's approach originally developed to deal with programs [Dijkstra, 1976; Dijkstra, Scholten, 1990]. The advantage of Dijkstra's formalism for reasoning about action and change, when compared with purely logical approaches such as Situation Calculus [McCarthy, Hayes, 1969; Lifschitz, 1988; Gelfond et a/., 1991] or Features and Fluents fsandewall, 1994], is its simplicity. It has been shown in [Lukaszewicz. Madaliriska, 1994; 1995; 1995a; Jablonowski et al., 1996]. The paper is organized as follows. We start with a brief summary of Dijkstra's semantics for a very simple programming language. Section 3 is devoted to the theory of prime implicants that play an important role in plan analysis. In section 4, we show how action languages are to be formalized using Dijkstra's methodology. In section 5, we provide a number of results allowing to analyse plans before their executions, whereas, in section 6, these results are generalized for plans in progress. Finally, in section 7, we provide conclude remarks and future work. Proofs of all stated results can be found in the full version of this paper. The formula transformers mentioned above are to be understood as follows. For each command S and each formula wp(s } ) is the formula whose models are precisely all states such that execution of S begun in any one of them is guaranteed to terminate in a state satisfying sp(s, ) is the formula whose models are precisely all states such that each of them can be reached by starting execution of S in some state satisfying a. For a detailed discussion of Dijkstra's methodology the reader should consult [Apt, Olderog, 1991]. 2.1 List of commands The considered language consists of skip command, assignment to simple variables, alternative command and sequential composition of commands 3. Semantics of these commands is specified in terms of formula transformers explained above. 1. The skip command. This is the "empty" command in that its execution does not change the computation state. The semantics of skip is thus given by 2 Introduction to Dijkstra's semantics In [Dijkstra, Scholten, 1990] we are provided with a very simple programming language whose semantics is specified in terms of formula transformers. More specifically, with each command S there are associated two formula transformers, called the weakest precondition and the strongest postcondition, denoted by wp and sp, respectively. Before providing the meaning of these transformers we introduce some terminology. First of all, we assume here that the programming language under consideration contains one type of variables only, namely Boolean variables. This assumption may seem overly restrictive, but as a matter of fact no other variables will be needed for our purpose. In the rest of this paper Boolean variables will be referred to as fluents. Let F be a set of fluents. A state over F is any function a from the members of F into the truth-values {0,1}. A state is said to be a model of a formula iff is true in 2 We ignore the weakest liberal precondition transformer, considered in [Dijkstra, Scholten, 1990], because it will not be used in the sequel. 1216 PLANNING AND SCHEDULING
LUKASZEWICZ & MADAUNSKA-BUGAJ 1217
1218 PLANNING AND SCHEDULING
LUKASZEWICZ & MADALINSKA-BUGAJ 1219
Since is inconsistent with a, whereas is consistent with a, we infer that there is one minimal countersupport for Thus, if we observe that the gun is unloaded after performing the action spin, we know that the plan will fail and should be given up. 7 Conclusions In this paper, we have argued that it makes sense to consider and execute plans that are not guaranteed to succeed. We have adressed two fundamental problems related to such plans: (1) How to determine whether a given plan is valid (i.e. always succeeds), admissible (i.e. succeeds or fails depending on some additional information) or inadmissible (i.e. always fails). (2) Given an admissible plan, determine a minimal set of observations that are to be made in the initial state (or in some intermediate state, if the plan is in progress) to validate or falsify the plan. To formalize actions occurring in plans, we have employed Dijkstra's semantics for programming languages. This allows us to represent a broad class of plans, in particular those including actions with non-deterministic effects. In addition, we do not require that initial or final states are to be completely specified. We believe that technical results stated in sections 5 and 6 can be used while constructing plans. We would like to pursue this topic in the future. Ackowledgements We would like to thank Wladyslaw M. Turski for his comments on the earlier draft of this paper. References [Apt, Olderog, 1991] K. Apt, E.Olderog. Verification of Sequential and Concurrent Programs. Springer- Verlag, 1991. [Boutilier et a/., 1995] C. Boutilier, T. Dean, S. Hanks. Planning under Uncertainty: Structural Assumptions and Computational Leverage. In Proc. 3rd European Workshop on Planning (EWSP-95), 1995. [Jablonowski et ai, 1996] J. Jablonowski, W. Lukaszewicz, E. Madaliriska-Bugaj. Reasoning about Action and Change: Defeasible Observations and Actions with Abnormal Effects. In Proc. of 20th German Conference on Artificial Intelligence, Springer- Verlag, Lecture Notes on Artificial Intelligence, 1137, p.135-148. [Lifschitz, 1988] V. Lifschitz. Formal Theories of Action. In Readings in Nonmonotonic Reasoning, M. Ginsberg (ed.), Morgan Kaufmann Publishers, Palo Alto, 1988, 35-57. [Lukaszewicz, Madalinska, 1994] W. Lukaszewicz, E. Madaliriska-Bugaj. Program Verification Techniques as a Tool for Reasoning about Action and Change. In Proc. of 18th German Conference on Artificial Intelligence, Springer-Verlag, Lecture Notes in Artificial Intelligence, 861, 226-236, 1994. [Lukaszewicz, Madaliriska, 1995] W. Lukaszewicz, E. Madaliriska-Bugaj. Reasoning about Action and Change Using Dijkstra's Semantics for Programming Languages: Preliminary Report. In Proc. IJCAI-95, Montreal, Canada, 1950-1955, 1995. [Lukaszewicz, Madaliriska, 1995a] W. Lukaszewicz, E. Madaliriska-Bugaj. Reasoning about Action and Change: Actions with Abnormal Effects. In Proc. of 19th German Conference on Artificial Intelligence, Springer-Verlag, Lecture Notes in Artificial Intelligence, 981, 209-220, 1995. [McCarthy, Hayes, 1969] J. McCarthy, P.J. Hayes. Some Philosophical Problems from the Standpoint of Artificial Intelligence. In B. Meltzer and D. Michie (eds.), Machine Intelligence 4, 1969, 463-502. [Sandewall, 1994] E. Sandewall. Features and Fluents: The Representation of Knowledge about Dynamical Systems. Oxford Logic Guides, 30, Oxford Science Publications, 1994. [Brown, 1990] F. M. Brown. Boolean Reasoning. Kluwer Academic Publishers, 1990. [Dijkstra, 1976] E. W. Dykstra. A Discipline of Programming. Prentice Hall, 1976. [Dijkstra, Scholten, 1990] E. W. Dijkstra, C. S. Scholten. Predicate Calculus and Program Semantics. Springer-Verlag, 1990. [Gelfond et a/., 1991] M. Gelfond, V. Lifschitz, A. Rabinov. What Are the Limitations of Situation Calculus? In Proc. AAA1 Symposium of Logical Formalization of Commonsense Reasoning, Stanford, 1991, 55-69. 1220 PLANNING AND SCHEDULING